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[57] ABSTRACT 

Apparatus, and a method for its use, for automatically 
verifying the identity of a person seeking access to a 
protected property that is remotely located with respect to 
the apparatus, such as a remotely located computer file or 
building alarm system. The apparatus, which is disclosed in 
the form of a handheld device (14) or other portable device 
(14'), includes a sensor (16) for reading biometric data, such 
as a fingerprint image, from the person, and a correlator (28) 
for comparing the sensed data with a previously stored 
reference image (32) and for determining whether there is a 
match. If there is a match, the device (14) initiates an 
exchange of signals over a communication network, with the 
"door" (10) that protects the property. Specifically, the 
device (14) generates a numerical value, such as a cyclic 
redundancy code, from the stored reference image (32), 
encrypts the numerical value, and transmits it to the door 
(10) as confirmation of the person's identity. For further 
security, the person registers this numerical value at each 
door (10) to which access is desired. Upon receipt of identity 
confirmation from the device (14), the door (10) compares 
the received numerical value with the one stored during 
registration, before granting access to the protected property. 

2 Claims, 4 Drawing Sheets 
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REMOTE IDENTITY VERIFICATION 
TECHNIQUE USING A PERSONAL 
IDENTIFICATION DEVICE 

BACKGROUND OF THE INVENTION 

The present invention relates generally to personal iden- 
tification or verification systems and, more particularly, to 
systems that automatically verify a person* s identity before 
granting access to valuable information or granting the 
ability to perform various transactions remotely. 
Traditionally, keys and locks, or combination locks, have 
been used to limit access to property, on the theory that only 
persons with a right to access the property will have the 
required key or combination. This traditional approach is, of 
course, still widely used to limit access to a variety of 
enclosed spaces, including rooms, buildings, automobiles 
and safe deposit boxes in banks. In recent years, mechanical 
locks have been supplanted by electronic ones actuated by 
encoded plastic cards, as used, for example, for access to 
hotel room doors, or to bank automatic teller machines 
(ATMs). In the latter case, the user of the plastic card as a 
"key" to a bank account must also supply a personal 
identification number (PIN) before access is granted. 

A significantly different problem is presented when some- 
one seeks access to information remotely, such as by tele- 
phone or through some other type of communication net- 
work. Telephone verification of identity is typically 
accomplished using passwords, personal identification num- 
bers (PINs), or words of which only a limited number of 
people have knowledge. Banks frequently use the custom- 
er's mother's maiden name as an access code, sometimes 
coupled with other codes or numbers theoretically known 
only to the customer. There are many practical shortcomings 
to this approach, the most obvious of which is that any of 
these codes or secret words can be stolen, lost or fall into the 
wrong hands by other means. Security may be increased by 
encoding identity data into magnetic stripes on plastic 
identification cards, which are used in conjunction with 
telephones that have appropriate card readers. The use of 
"smart cards" containing even more information on an 
integrated-circuit chip has also been proposed, but these 
approaches also have the drawback that the identity cards 
may be lost or stolen. 

Accordingly, there is a widely felt need for a more reliable 
technique for providing secure access to information and 
assets, particularly for users who seek this access over a 
communication system of some kind. Ideally, the technique 
should positively verify the identity of the person seeking 
remote access, and should eliminate the need to carry 
multiple scannable cards, and the need to memorize 
combinations, passwords and PINs. The present invention 
satisfies this need. 

SUMMARY OF THE INVENTION 

The present invention resides in apparatus, and a method 
for its use, for automatically verifying the identity of a 
person seeking remote access to a protected property. The 
protected property may take a variety of forms, but typically 
includes a remotely located computer to which a user seeks 
access for reading or writing information. Alternatively, the 
protected property may be a building or other structure and 
the user wishes to activate or deactivate an alarm system in 
the building. 

Briefly, and in general terms, the apparatus of the present 
invention comprises a personal identification device and 
means for securely communicating identity confirmation to 
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a door that provides access to the protected property upon 
receipt of the identity confirmation. The personal identifi- 
cation device includes a sensor, for reading biometric data 
identifying a person seeking access to a protected property, 

5 storage means, for storing reference biometric data identi- 
fying a person authorized to have access to the protected 
property, and a correlator, for comparing the stored reference 
biometric data with the biometric data of the person seeking 
access and determining whether they match. The apparatus 

1Q may further comprise a user interface having a first switch 
to initiate operation of the apparatus in a verification mode, 
and a second switch, actuation of which places the apparatus 
in an enroll mode of operation, wherein biometric data from 
the sensor are stored in the storage means for subsequent 

J5 retrieval in the verification mode of operation. 

In one of the disclosed embodiments of the invention, the 
sensor, the storage means and the correlator are all integrated 
into a portable communication device, such as a telephone, 
which may be a device carried by the person, or some other 

20 tv P e °f communication device remote from the protected 
property. In the disclosed embodiments, the means for 
securely communicating identity confirmation includes 
means for generating a numerical value from the stored 
reference biometric data; encryption logic, for encrypting 

25 the numerical value; and a communication interface for 
sending the encrypted numerical value to the door, together 
with identification data for the person. The door provides the 
desired access to the protected property upon confirming 
that the transmitted numerical value is the same as one 

30 previously provided by the person during a registration 
procedure. 

The apparatus of the invention may further include a 
receiver, for receiving an encryption key generated by and 
transmitted from the door, and means for storing a private 

35 encryption key in the identification device. Further, the 
encryption logic in the device includes means for doubly 
encrypting the numerical value using the encryption key 
received from the door and the private encryption key. 
The apparatus of the invention may also be defined as a 

40 separate device that includes a sensor, for reading fingerprint 
data identifying a user seeking access to a protected prop- 
erty; a memory for storing a reference fingerprint image of 
the user during an enrollment procedure and for holding the 
reference image for future use; an image correlator, for 

45 comparing the stored reference image with a fingerprint 
image of the user seeking access, as obtained from the 
sensor, and for determining whether the two images match; 
and means for securely communicating identity confirma- 
tion to a door that provides access to the protected property 

50 upon receipt of the identity confirmation. More specifically, 
the means for securely communicating identity confirmation 
includes means for generating a numerical value from the 
stored reference fingerprint image; encryption logic, for 
encrypting the numerical value; and a transmitter for send- 

55 ing the encrypted numerical value to the door, together with 
user identification data. The door provides the desired access 
to the protected property upon confirming that the transmit- 
ted numerical value is the same as one previously provided 
by the user during a registration procedure. 

60 In the personal identification device as defined in the 
previous paragraph, the means for generating a numerical 
value includes means for generating a cyclic redundancy 
code from the stored reference fingerprint image. The device 
further includes a receiver, for receiving an encryption key 

65 generated by and transmitted from the door; and means for 
storing a private encryption key in the device. The encryp- 
tion logic in the device includes means for doubly encrypt- 
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ing the numerical value using the encryption key received secure access to remotely located computers or similar 

from the door and the private encryption key. protected properties. More particularly, the invention allows 

In terms of a novel method for automatically verifying the multiple properties or assets to be accessed remotely using 

identity of user seeking access to a remotely located, pro- a security device, which reliably identifies its owner using 

tected computer, the invention comprises the steps of sens- 5 biometric data, such as a fingerprint. Because identification 

ing biometric data of a user, through a sensor that is part of is verified in a small portable device, communication with 

a personal identification device carried by the user; com- multiple "doors" to protected property can be limited to a 

paring the sensed biometric data with reference biometric simple identity confirmation message, appropriately 

data previously stored in the personal identification device; encrypted to prevent eavesdropping or reverse engineering, 

determining whether the sensed biometric data match the 1Q Qther and advant of the invention ^ become 

reference biometric data; if there is a match securely apparent from the following more detailed description, taken 

communicating, through a communication network, an iden- - m OTnluncticm with the accompanying drawiags F 
tity confirmation to a door that controls access to the 

protected computer; and upon confirmation of the identity of BRIEF DESCRIPTION OF THE DRAWINGS 
the user at the door, providing the desired access to the 

protected computer. The method further comprises the step FIG. 1A is a diagram illustrating an application of the 

of initiating normal operation of the personal identification invention, wherein a personal identification device inte- 

device by means of a manual switch. grated into a cellular telephone is used to open a door 

In one embodiment of the method, the step of securely remotely, through a communication network; 
communicating includes generating a numerical value from 2 q FIG. IB is a block diagram showing the use of a personal 
the stored reference biometric data; encrypting the numeri- identification device in conjunction with a portable 
cal value; transmitting the encrypted numerical value to the computer, to gain access to a remotely located computer; 
door; transmitting user identification data to the door; FIG. 2 is a block diagram depicting the principal corn- 
receiving and decrypting the encrypted numerical value at ponents of the present invention; 

the door; comparing the decrypted numerical value with one - c m ^ 1 • j ♦ 1 j ui 1 j* u *i_ 

' j . , l i_ j . . . 25 FIG. 3 is a more detailed block diagram showing the 

previously stored at the door by the user during a registration „. r „ _ , , , ^ . ™« . & , 

r / r. lL fl , f ^ , j • components 01 a processor module shown in FIG. 2; and 

process, to confirm the identity of the user; and if the identity *\ r . 

of the user is confirmed, activating a desired function to FIG. 4 is a block dmgram showing a sequence of signals 

provide access to the protected property. transmitted between the portable device and a door to 

More specifically, the step of securely communicating 30 P rotecteci property- 
further comprises the steps of generating at the door a DESCRIPTION OF THE PREFERRED 
random pair of door public and private encryption keys; EMBODIMENTS 
transmitting the door public key to the personal identifica- 
tion device; selecting for the personal identification device a As shown in the drawings for purposes of illustration, the 
pair of public and private encryption keys for all subsequent 35 present invention pertains to a system for automatic verifi- 
uses of the device; providing the personal identification cation of the identity of a person seeking remote access to 
device public key to the door as part of the door registration protected property, over a communication network, 
process; and storing the personal identification device pri- Traditionally, remote access to protected property has been 
vate key secretly in the device. The encrypting step includes controlled with the use of passwords, codes and similar 
doubly encrypting the numerical value with the door public 4 q devices. 

key and the personal identification device private key. The In accordance with the present invention, the person 

method further includes the step, performed at the door, of seeking access to protected property carries a portable 

decrypting the doubly encrypted numerical value using the identification device that includes a sensor capable of 

personal identification device public key and the door pri- obtaining selected biometric measurements associated with 

vate key. 45 the person, and communicating with a related device located 

The invention may also be defined as a method for a user near the "door" of the protected property. Preferably, the 

to obtain access to a remotely located and protected portable device also includes identity verification means, 

computer, the method including the steps of placing a finer which compares the biometric measurements obtained from 

on a fingerprint sensor in a device; actuating the device to the sensor with corresponding measurements stored in a 

sense and record a fingerprint of the user; comparing the 50 reference set of biometric measurements that were obtained 

sensed fingerprint with reference fingerprint data previously from the same person during an enrollment procedure per- 

stored in the device; transmitting, upon a successful formed earlier. 

comparison, an identity confirmation from the device and FIG. 1A shows diagrammatical ly how the invention is 
over a communication network to the protected computer; used to open a "door," indicated by reference numeral 10, to 
and providing requested access to the protected computer 55 protected property. A person seeking entry to the door 10 
upon receipt of an identity confirmation. The step of trans- carries a small handheld device, which may be integrated 
mining an identity confirmation ideally includes encrypting into a cellular telephone 14' or may take the form of a 
the identity confirmation in the device and decrypting the separate device 14 (FIG. IB). It will be understood, 
identity confirmation in the protected computer. More however, that the handheld device could be integrated into 
specifically, encrypting in the device includes doubly 6 o other types of communication terminals. The telephone 14' 
encrypting using a public encryption key received from the communicates with a receiver 15 located near the door 10. 
protected computer and a private encryption key stored in In the presently preferred embodiment of the invention, the 
the device, and decrypting includes doubly decrypting using telephone 14' includes a biometric sensor, which, in the 
a public key provided by the device user and a private presently preferred embodiment of the invention, is a fin- 
encryption key generated in the computer. 65 gerprint sensor 16. It will be understood, however, that the 
It will be appreciated from the foregoing that the present principles of the invention are also applicable to a device 
invention represents a significant advance in providing that employs other biometric properties to identify the user, 
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such as print patterns from other parts of the anatomy, or iris manageable binary form. In the enrollment mode, the pre- 

patteras of the eye. processed image is stored in the reference image storage 

The telephone 14' communicates with the receiver 15 arca 32 » & indicated by the broken line 40. Enrollment is 

through a communication network 17 and a communication performed when the user first acquires the device 14, and is 

interface 18 located near the door 10. Hie interface 18 may 5 normally not repeated unless the device is lost or damaged, 

be, for example, a telephone. FIG. IB shows how the Fo ? additional security and convenience the user may be 

n • , 1£ , * j . i * . asked to enroll two tinge rpnnts, to allow tor continued 

?S ge 5T T° r ™? 3 ^ P , C ° mP acc ess if the user injures a finger for example. In a verifi- 

19. When the user wishes to access information in a ^ mode of J erationj th * pre . proces ^ d fingerpr i n t 

remotely located computer, referred to as 10' because it image is inpm tQ the 28 , as indicated by line 43, 

embodies another form of a door, the user connects the 10 whe re it is compared with the reference image obtained from 

sensor 16 to the laptop computer 19, effects a connection to storage 32 over line 44. The correlator 28 uses an appro- 

the computer 10' through the communication network 17 priate technique to compare the images, depending on the 

and communication interface 18, and then is identified by level of security desired. Because speed of operation is an 

means of the sensor. important factor, a bit-by-bit comparison of the entire 

When the user places a finger over the sensor 16 and 15 images is usually not performed. Rather, significant features 

actuates a switch, the person's fingerprint is scanned and is °f the reference image are identified and the same features 

compared with a reference fingerprint image stored in the are looked for in the newly scanned image. The techniques 

device 14 or 14', which includes a fingerprint correlator (not disclosed in U.S. Pat. No. 5,067,162 may, for example, be 

shown in FIGS. 1A and IB) for this purpose. If the com- incorporated into the correlator 28 for some applications of 

parison results in a match, the device 14/14* transmits a 20 i] f *™<* 14 Preferably, the fingerprint correlator 28 

confirming message to the door 10, or the computer 10'. The f hould # ^£ e teaching u S °f a "W 0 *** a PP hca " 

door 10 is ooened to allow access bv the user 12 or the tl0D enUtled Fu3 g er P™t Feature Correlator, by inventors 

door iu is opened to allow access by me user iz, or me Bmce w £vans et al whjch fe hereb m orated 5 

computer 10 is conditioned to permit data access by the refcrence ^ ^ specificatioih M a rcsu * u of th ; compar /_ 

user * 25 son °f the images, the correlator 28 may generate a match 

The nature of the confirming message sent to the door 10 signal on line 46, which activates the CRC generator 30. If 

or the computer 10' is of considerable importance, because a no-match signal is generated, as indicated on line 48, no 

a simple "OK" or "open" signal in a standardized format further processing is performed. Optionally, the no-match 

would be easy to duplicate in a "cloning*' process, and signal on line 48 may be used to actuate an indicator on the 

unauthorized access would be a relatively simple matter. The 3Q user interface 38. 

confirming message should ideally be in the same format for The cyclic redundancy code (CRC) generator 30, when 

different access "doors," but should be encoded or encrypted actuated by a match signal on line 46, generates a relatively 

in a way that prevents its duplication and prevents reverse i on g (such as 128 bits) binary number derived from the 

engineering of the device 14. Details of one technique for reference image data. The CRC provides a single number 

accomplishing these goals are provided below. 35 thatj f or jjj practical purposes, uniquely identifies the stored 

FIG. 2 shows the principal components of the device 14, reference fingerprint image. Even if two fingerprint images 

including the fingerprint sensor 16, a processor module 20, produced the same CRC, which is highly unlikely, the 

a transceiver 22 and a battery power supply 24. It will be security of the system of the invention would not be 

understood that the same components may be integrated into compromised, as will shortly become clear, 

another device, such as the cellular telephone 14', and that 40 The CRC itself is not stored in the device 14, but is 

the battery power supply 24 may be integrated with the transmitted in encrypted form to the door receiver 15. Before 

telephone battery. The fingerprint sensor 16 may be of any using the device 14 for access to a particular door 10 for the 

available design, and may include a capacitive, optical or first time, the user 12 must first "register" at the door. The 

other sensor. The sensor 16 produces a binary or grayscale registration process is one in which an administrator of the 

image of a portion of the user's fingerprint. For rapid 4S door stores the user's name (or account number, or other 

processing, the entire image may not be used in the com- identifying information), in association with a public 

parison process that follows, but what the sensor 16 provides encryption key to be used in the user's device 14, and the 

is a detailed "map" of the fingerprint, including all of its user's CRC as derived from the user's reference fingerprint, 

ridges and valleys. The processor module 20 is shown in If the door 10 provides access to a financial institution, for 

more detail in FIG. 3. 50 example, the user will register by bringing his or her device 

The processor module 20 includes a processor 26, which 14 to the institution, and transmitting the fingerprint CRC 

may be, for example a RISC (reduced instruction set from the device to the door receiver 15. In the registration 

computer) processor, a fingerprint matcher, which is a fea- mode, the door receiver 15 will store the user's CRC in 

lure correlator 28 in the preferred embodiment of the association with the users name or other identifying infor- 

invention, a cyclic redundancy code (CRC) generator 30, 55 mation. As part of the registration process, the user 12 will 

storage 32 for a reference fingerprint image, encryption logic normally be required to present some form of identification 

34 and storage 36 for a private encryption key. The device other than the device 14, to prove to the institution that the 

14 also includes a user interface 38 through which the user user is, in fact, the one whose name or other identifying 

12 initiates operation in various modes. Basically, the user information is presented and will be stored in the door 10. 

interface 38 includes one main operating button, which may 60 As will now be explained in more detail, in a subsequent 

be incorporated into the fingerprint sensor 16, and at least use of the device 14 for access to a door 10 at which the user 

one additional button to initiate operation in the enrollment has registered, the device transmits a user name and the CRC 

mode. The principal function of the processor 26 is to corresponding to the stored reference image. Logic at the 

pre-process and enhance the fingerprint image provided by door 10 or computer 10' then compares the received CRC 

the sensor 16. Preprocessing includes "cleaning" the image, 65 with the one that was stored for the named user during 

cropping the image to eliminate background effects, enhanc- registration. If there is a match, the door is opened for the 

ing contrast in the image, and converting the image to a more user. 
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FIG. 4 shows the communications that pass between the tion on the CRC that is generated. First, the encryption logic 

personal identification device 14 and a door 10, two different 34 in the device 14 encrypts the CRC using the door's public 

forms of which are shown, including a computer 10.1 and key. Then the resulting encrypted CRC is doubly encrypted 

another type of "door" 10.2, such as in a house or other using the device's private key. The doubly encrypted CRC 

property to which remote access is desired. Each door 10 has 5 is transmitted to the door 10, where it is decrypted using the 

an actuator 50, to perform some desired operation, such as device's public key and then using the doors private key to 

opening the door, and each door also has a database 52 in recover the CRC. The door 10 then compares this CRC with 

which is stored the user name, the user device public the CRC in its database 52 associated with the user name 

encryption key and the user CRC, for each user registered to seeking access to the door. If there is a match, the door 10 

use the door. For file access to the computer 10.1, the user J0 signals its actuator 50 to open the door or to perform some 

may simply need to access personal data relating to a user other desired operation. 

account in bank or other institution, or may need to down- It will be appreciated from this description that the 

load information from a file in the computer. For access to invention provides an extremely secure technique for 

the door 10.2, the user may need, for example, to make sure accessing protected property. The device 14 is designed such 

that an alarm system has been activated in a residence or tnat is cannot initiate a door opening operation without first 

office, matching the fingerprint of the user with the stored reference 

When the user actuates the device 14, the user name is ima S e * Even if a device thief successfully re-enrolls his own 

transmitted to the door 10 in non-encrypted form, as indi- fingerprint into the device, the CRCs stored in each of the 

cated by line 54. On receiving the user name, the door 10 doors where the n S htful user 15 registered would prevent 

generates a random pair of public and private encryption 20 operation of the doors by the thief, 

keys to be used in the ensuing exchange of messages. Since Someone attempting to fabricate a "cloned" device would 

public key encryption is used in this illustrative embodiment riot have the device private key, so the door would be unable 

of the invention, a few words of explanation are called for, t0 decrypt messages from the cloned device. If someone 

but it will be understood that the principles of public key we re to eavesdrop on a device transmission and try to 

encryption are well understood in the field of secure com- 25 emulate this message in a subsequent attempt to open the 

munication. same door, this approach would be foiled by the door's use 

In public key encryption, two separate encryption keys of a different set of keys for each transaction. Therefore, the 

are used: a "public" key (potentially known to everyone and device's encrypted message to any door will be different on 

not kept secret), and a "private" key (known to only one eacn occasion. 

party in a communication from one party to another). The 30 An additional level of security may be provided by storing 

pair of public-private keys has the property that, if either of the CRC at the door 10 in an internally encrypted form, to 

them is used to encrypt a message, the other one of the pair prevent theft of CRCs from doors. 

will decrypt the message. For example, party A can send a If the door 10 is the computer 10.1, and the user wishes 
secure message to party B by first encrypting with B's public to download information from the computer, this will usu- 
key. Only B can decrypt the message, because only B has 35 ally require an additional exchange of messages between the 
B's private key needed for decryption. Similarly, B could device 14 and computer 10,1, to establish an appropriate 
send an encrypted message to A using B's private key for level of security for the transfer of from the computer, 
encryption. A could decrypt the message with B's public Techniques for effecting secure data transmission may 
key, but so could anyone else, because B's public key may include the exchange of messages to establish a session 
be known to others. Therefore, the message transmitted 40 encryption key for the transmission, or an encryption key 
using this "backward" form of public key encryption would may have been previously established for this purpose, 
not be secure. It will be understood from the foregoing that the present 
The illustrative embodiment of the present invention uses invention represents a significant advance in the field of 
a double encryption form of public key encryption. Both the security devices for limiting access to remotely located 
device 14 and the door 10 have a public-private key pair. As 45 property. In particular, the invention allows a person to 
presently contemplated, the device 14 of the invention will obtain access to different properties remotely, using a hand- 
have a "fixed" public and private key pair, that is to say the held device that verifies its owner's identity very reliably, by 
public and private keys will not changed from one use of the means of unique biometric parameters, such as those found 
device to the next. The device public key is registered with in a fingerprint. Moreover, the device of the invention is 
each door 10 and it would be impractical to change it for 50 highly resistant to reverse engineering, "cloning" and other 
every use. The device private key is stored (at 36, FIG. 3) in techniques for tampering to obtain access to the protected 
the device 14, preferably in a form in which it cannot be properties. It will also be appreciated that, although a 
discerned by inspection or reverse engineering. The key specific embodiment of the invention has been described in 
may, for example, be encoded into the silicon structure of the detail for purposes of illustration, various modifications may 
processor module 20 in such a way that it is practically 55 be made without departing from the spirit and scope of the 
indecipherable by any normal reverse engineering tech- invention, which should not be limited except as by the 
nique. Each door 10 generates a new public-private key pair appended claims, 
on every new use of the door. Thus, these keys cannot be What is claimed is: 

determined in advance of the actual message exchange with 1. A personal identification device for automatically veri- 

a device 14. 60 fying the identity of a user seeking to use the device for 

Upon receipt of a user name from the device 14, the door access to a remotely located protected property, the device 

10 to which access is sought generates a random pair of comprising: 

public-private keys, and transmits the public key to the a sensor, for reading fingerprint data Identifying a user 

device without encryption, as indicated by line 58. Then, if seeking access to a protected property; 

the device 14 has validated the user's identification by 65 a memory for storing a reference fingerprint image of the 

successfully matching the sensed fingerprint image with the user during an enrollment procedure and for holding 

reference image, the device performs two levels of encryp- the reference image for future use; 
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an image correlator, for comparing the stored reference 
image with a fingerprint image of the user seeking 
access, as obtained from the sensor, and for determin- 
ing whether the two images match; and 
means for securely communicating identity confirmation 5 
to a door through a communication network, wherein 
the door provides access to the protected property upon 
receipt of the identity confirmation, and wherein the 
means for securely communicating identity confirma- 
tion includes; 10 
means for generating a numerical value from the stored 

reference fingerprint image, including means for 

generating a cyclic redundancy code from the stored 

reference fingerprint image; 
encryption logic, for encrypting the numerical value; 15 

and 

a transmitter for sending the encrypted numerical value 
to the door, together with user identification data; 



10 

wherein the door provides the desired access to the 
protected property upon confirming that the trans- 
mitted numerical value is the same as one previously 
provided by the user during a registration procedure. 
2. A personal Identification device as defined in claim 1, 
and further comprising: 

a receiver, for receiving an encryption key generated by 
and transmitted from the door through the communi- 
cation network; and 

means for storing a private encryption key in the device; 

and wherein the encryption logic includes means for 
doubly encrypting the numerical value using the 
encryption key received from the door and the private 
a encryption key. 

* * * * * 
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